Multiple Stack-Based Buffer Overflows in GNU C Library
CVE-2014-9761

9.8CRITICAL

Key Information:

Vendor
Suse
Status
Linux Enterprise Server
Linux Enterprise Debuginfo
Linux Enterprise Software Development Kit
Linux Enterprise Desktop
Vendor
CVE Published:
19 April 2016

Summary

The GNU C Library, also known as glibc or libc6, has a vulnerability that allows context-dependent attackers to induce a denial of service or potentially execute arbitrary code. This flaw stems from multiple stack-based buffer overflows triggered by improperly handled long arguments passed to specific functions, including nan, nanf, and nanl. When exploited, these vulnerabilities can lead to application crashes, affecting system reliability and security.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2017:1916
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.